
request_header_access and external acl


 



Hello all -
I've run into some trouble using the request_header_access directive with an external acl. A snippet of my config file is below:

-----
external_acl_type check_clientcert children=1 concurrency=0 ttl=3 negative_ttl=3 %USER_CERT_CN /etc/squid3/helper.pl
acl matches-clienttest-cert-name external check_clientcert clienttest-cert-name

#http_access allow matches-clienttest-cert-name
#http_access deny all
request_header_access User-Agent deny matches-clienttest-cert-name
------

If I uncomment the http_access lines, I am only granted access if I present the correct client certificate, so the external acl seems to be configured correctly. I also see lines like

-----
2009/03/11 14:12:54.243| helperDispatch: Request sent to check_clientcert #1, 14 bytes
2009/03/11 14:12:54.243| helperSubmit: - clienttest-cert-name
-----

in the output of squid -X. However, when I run squid with the config file above, the User-Agent header is not removed, and I see no "helperDispatch" or "helperSubmit" in the log output. Can anyone shed some light on why external acls may not be invoked this way?


Taking a step back, my larger goal is to run an https accelerator which accepts client-certificate authenticated requests and passes information about the client cert to the origin server. My idea right now is to put the client certificate CN into the User-Agent header, but if anyone has a better idea, my current solution seems pretty hacked together. Thanks for your help.

-tucker cunningham
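
Added example, not part of the original post and not the poster's helper.pl: a sketch in Python of the helper side of the external_acl_type line above with concurrency=0, where Squid writes one request per line (the %USER_CERT_CN value, then the acl arguments) and reads back OK or ERR. It assumes Squid's default URL-escaping of the fields; the function names and sample requests are constructed for illustration.

```python
#!/usr/bin/env python3
"""Sketch of an external ACL helper for a line such as
external_acl_type check_clientcert concurrency=0 ... %USER_CERT_CN <helper>
Assumption: fields are space separated and URL-escaped (Squid 3 default)."""
import sys
from urllib.parse import unquote


def decide(line):
    """Return 'OK' when the presented certificate CN equals one of the
    names given as acl arguments, otherwise 'ERR'."""
    fields = [unquote(f) for f in line.strip().split(" ") if f]
    if len(fields) < 2:
        return "ERR"            # malformed request: CN or acl argument missing
    cert_cn, allowed = fields[0], fields[1:]
    if cert_cn == "-":
        return "ERR"            # "-" is what Squid sends when it has no value
    return "OK" if cert_cn in allowed else "ERR"


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer each request in order, flushing so Squid is never left waiting."""
    for line in stdin:
        stdout.write(decide(line) + "\n")
        stdout.flush()


# Constructed sample requests (not taken from a real Squid log).
SAMPLE_REQUESTS = [
    "clienttest-cert-name clienttest-cert-name",
    "- clienttest-cert-name",
    "some%20other%20client clienttest-cert-name",
]

if __name__ == "__main__":
    if sys.argv[1:] == ["--demo"]:
        for req in SAMPLE_REQUESTS:
            print(req, "->", decide(req))
    else:
        serve()
```

Running the script with --demo prints the verdict for each constructed request; without arguments it serves requests on stdin the way Squid would drive it.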
